Forbidding user name and email change

More
5 months 3 weeks ago #194430 by Jmantysalo
How can I forbid users to change their username and email address? Would it make sense to have a global option for this?

I think this is a small security issue in bigger installations where accounts are made automatically and are not of the form firstname_lastname: a user can change name and email so that he/she will appear to be different person.

Please Log in to join the conversation.

LimeSurvey Partners
More
5 months 2 weeks ago #194446 by DenisChenu
User name : what for ? Nor related to security in my opinion ?
Logi is already update disable.

About email : by plugin in my opinion. Not add again and again and again and again a new settings ....

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194450 by Jmantysalo
A plugin would be good idea, but I think there is no event that could be used for that.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194453 by DenisChenu
beforeUserSave, but there are a lack of isValid update.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194455 by Jmantysalo
Where is beforeUserSave documented? At least not listed in manual.limesurvey.org/Plugin_events

Please Log in to join the conversation.

More
5 months 2 weeks ago #194456 by DenisChenu

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194457 by Jmantysalo
OK, thanks. Now, how to disable the change? At least return false; and $this->getEvent()->set('success', false); did not work.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194460 by DenisChenu

DenisChenu wrote: but there are a lack of isValid update.

You can make a feature request please.


BUT : you can reset value.

1. get the model with $model = $this->getEvent()->get('model');
2. Check if isNewrecord www.yiiframework.com/doc/api/1.1/CActive...d#isNewRecord-detail
3. if not reset previous value ($his->email=User::model()->getByPk($model->getPrimaryKey())->getAttribute('email');

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194463 by Jmantysalo
I don't quite get this. I tested with

$iUserid = Permission::getUserId();
$model = $this->getEvent()->get('model');
$oUser = User::model()->findByPk($iUserid);
$oUser->email = "just-a-test@test";

and I think it should change anybodys email to just-a-test@test when trying to make any change. But it seems to do nothing.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194464 by DenisChenu
This work for me

public function beforeUserSave()
{
$user = $this->getEvent()->get('model');
$user->email = "This email address is being protected from spambots. You need JavaScript enabled to view it.";
}


With your code : you update current user ....

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
5 months 2 weeks ago #194467 by Jmantysalo
Thanks, now I got this to work. Here is the code snippet:

$user = $this->getEvent()->get('model');
if ($user->isNewRecord) {
// Nothing, setting the name and email for a new user.
return;
}
// Revert to old email address and full name.
$iUserid = Permission::getUserId();
$oUser = User::model()->findByPk($iUserid);
$user->email = $oUser->email;
$user->full_name = $oUser->full_name;

Please Log in to join the conversation.

More
5 months 2 weeks ago #194484 by DenisChenu
Please : think have a isValid allowed update still better :)

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now